Conventional technologies that are provided at the kernel level include kernel protection mechanisms. Kernel protection mechanisms allow enforcement of kernel protection measures that prevent portions of the kernel from being executed and/or modified. These mechanisms are useful for thwarting at least some malware and helping to safeguard the integrity of the kernel.
One issue that has arisen is that these kernel protection mechanisms are not compatible with other technologies that require write and/or execute access to the kernel. That is, the kernel protection mechanisms may render other technologies inoperable. For example, the kernel protection mechanisms may prevent device drivers and other modules from being loaded into the kernel. Further, the kernel protection mechanisms prevent modules from being unloaded from memory. For example, module unloading instructions are unable to be executed and the memory occupied by the modules is unable to be re-allocated for other uses. These issues result in the kernel protection mechanisms being impractical for use in production environments.
Accordingly, while kernel protection mechanisms may be helpful in some ways, they may also counter useful features that allow users to perform beneficial activities such as loading and unloading of kernel modules. It would be advantageous to allow kernel modules to be loaded and unloaded, while at the same time allowing kernel protection mechanisms to be implemented. The techniques provided herein offer module loading and unloading in a protected kernel environment.